View file nkomm.php

File size: 3.42Kb
<?php
include 'inc/db.php';
include 'inc/1.php';
$time=time();
function hc($in){
return htmlspecialchars($in);
}
function me($in){
return mysql_escape_string($in);
}
$id=intval($_GET['id']);
if (!$_GET['id']){
header("Location: /index.php");
exit;
}
if ($user){
if ($user['ksort']=='1')$sort='ASC';
else
$sort='DESC';
}
else
$sort='DESC';
if ((($user['admin']==1) || ($user['moder']==1)) && isset($_GET['del'])){
$d=intval($_GET['del']);
mysql_query("DELETE FROM `news_komm` WHERE `id` = '$d'");
echo "<div class='msg'>Удалено</div>";
}

$to=htmlspecialchars($_POST['to']);
if ($_POST['msg'] && $user){
if ($_POST['to'] && (mysql_num_rows(mysql_query("SELECT * FROM `user` WHERE `name` = '$to'"))==1))$ank=mysql_fetch_assoc(mysql_query("SELECT * FROM `user` WHERE `name` = '$to'"));
$msg=mysql_escape_string($_POST['msg']);
mysql_query("INSERT INTO `news_komm` (`id`, `msg`, `user`, `time`, `nid`) values (NULL, '$msg', '".$user['id']."', '$time', '$id')");
if (!$_POST['to']){
$op=mysql_query("SELECT * FROM `news_komm` WHERE `user` <> '$user[id]' AND `nid` = '$id' ORDER BY `time` ".$sort." LIMIT 5");
while ($w=mysql_fetch_assoc($op)){
$arr[]=$w['user'];
}
$new_arr=array_unique($arr);
$bb=0;
while ($bb<count($new_arr)){
mysql_query("INSERT INTO `jurnal` (`msg`, `user`, `time`) values ('Комментарий в <a href=\'nkomm.php?id=$id\'>новости</a>!', '$new_arr[$bb]', '".time()."')");
$bb++;
}
}
else
{
mysql_query("INSERT INTO `jurnal` (`msg`, `user`, `time`) values ('Вам ответили в <a href=\'nkomm.php?id=$id.php\'>новости</a>.', '$ank[id]', '".time()."')");
}
echo "<div class='msg'>Сообщение добавлено</div>";
}
$to=htmlspecialchars($_GET['to']);
if (!$_GET['p'])$_GET['p']=1;
$page=intval($_GET['p']);
$start=($page*15-15);
$q=mysql_query("SELECT * FROM `news_komm` WHERE `nid` = '$id' ORDER BY `time` DESC LIMIT $start, 15");
$qq=mt_rand(1111, 9999);
if ($_GET['to'] && $user)echo "<div class='input'><a href='?id=$id&q=$qq'>Обновить</a><br><form action='?id=$id' method='POST'>Сообщение:<br><textarea name='msg'>$to, </textarea><br><input type='hidden' name='to' value='$to'><input type='submit' name='OK' value='Добавить'></form></div>";
elseif (!$_GET['to'] && $user)
echo "<div class='input'><a href='?id=$id&q=$qq'>Обновить</a><br><form action='?id=$id' method='POST'>Сообщение:<br><textarea name='msg'></textarea><br><input type='submit' name='OK' value='Добавить'></form></div>";
$a=1;
while ($f=mysql_fetch_assoc($q)){
$ank=gus($f['user']);
$ololo=out($f['msg']);
echo "<div class='p".($a%2)."'>".im($ank['id'])." <a href='ank.php?id=$ank[id]'>".hc($ank['name'])."</a>".on($ank['id'])." (".vremja($f['time']).") <a href='nkomm.php?id=$id&to=".hc($ank['name'])."'>[отв]</a><br>$ololo";
if (($user['admin']==1) || ($user['moder']==1))echo "<br><a href='?id=$id&del=$f[id]'>[<font color='red'>x</font> Удалить]</a>";
echo "</div>";
$a++;
}
/*if ($page>1)echo "<a href='guestbook.php?p=".($page-1)."'>Назад</a> ";
if (mysql_num_rows(mysql_query("SELECT * FROM `guestbook`"))>($start+15)) echo "<a href='?p=".($page+1)."'>Далее</a>";*/
$q1=(mysql_num_rows(mysql_query("SELECT * FROM `news_komm`"))/15);
$q2=round(mysql_num_rows(mysql_query("SELECT * FROM `news_komm`"))/15);
if ($q1>$q2)$pages=($q2+1);
else
$pages=$q2;
pages($pages, $page, "?id=$id&p");
include_once 'inc/foot.php';
?>